Openomics 2018: Essay

The Aadhaar Raj

What it enables by way of e-commerce must not be overshadowed by the dangers it exposes people to

IMAGINE A TOOL that enables the equitable distribution of subsidies to all who need it, while at the same time being armoured against fraud. Imagine a tool that enables financial inclusion for all, while being armoured against attempts at tax evasion and money-laundering. Imagine a tool that eases e-commerce and allows for instantaneous transactions on mobile phones.

Now, imagine a tool that enables the Government to track anything and everything that any and every individual does. Also, imagine a tool which lays every user open to multiple forms of identity theft, and cyber impersonation.

The Aadhaar or unique biometric identity was designed and promoted to perform the first set of tasks. But it has run into an endless string of controversies and now faces major constitutional challenges because it also seems to be an excellent tool for mass surveillance and it exposes every individual to the threat of identity theft. What’s more, there is a large and growing body of evidence that the technology doesn’t deliver benefits as advertised.

The concept of a biometric ID system was first explored by Nandan Nilekani in his book, Imagining India: Ideas for the New Century. Nilekani was looking for technocratic solutions to some major problems. Given India’s universal adult franchise and a massive population that lives—or rather survives—below the poverty line, it is a political necessity to dole out food via a Public Distribution System (PDS) to ensure nobody starves to death. There is also a need to hand out subsidised cooking fuel to the same population, if only to ensure that trees are not cut down and indiscriminately burnt. But that PDS is leaky and open to fraud. There are multitudes of fake ration cards in circulation, and people possess multiple subsidised LPG connections. Hence, the Government is defrauded on a regular basis on a massive scale. It also means that subsidised food and gas do not reach the intended beneficiaries.

Another policy problem is financial access. For that, everyone must have bank accounts. But a bank account can only be held by somebody whose identity is verified, with an officially recognised physical address. Or else, easy financial access opens up the financial system to tax fraud and money-laundering.

However, India has large numbers of homeless people who live on the street without verifiable residences. It has multitudes dwelling in slums, squatting in shanties that are not officially recognised as valid addresses by municipalities. And, like any modern economy, India also has migrant labour moving around in search of work. That particular demographic includes the Bihari farm worker who brings in the Punjab harvest; it includes the Bengali diamond-cutter, who spends eleven months of the year in Surat; it includes the Manipuri software engineer, who lives as a paying guest in Bangalore and cannot get a passport.

A unique identity system would, in theory, enable the Government to weed out the duplicate gas connections and ghost ration cards. Such an identity could, on paper, prevent tax-fraud while allowing everyone to access the banking system. Given a unique identity, the address could change but the individual would still be verifiably the same. That would let the Government collect taxes while scholarships, stipends, pensions, gas subsidies, MNREGA payouts and so on could be conveniently and directly transferred to the correct recipients. In addition, that unique identity would allow for easy m-commerce and m-banking, since the number would be verifiable as linked to an individual’s bank account, credit card or mobile wallet. Optimists expect the facility to create a vast field of business opportunity in the years ahead.

Now, how does one give every individual a unique identity? The technocratic solution uses biometric information. Every individual has unique fingerprints and iris patterns. If those prints can be digitally recorded and stored in a database, the identity of a given individual can be verified.

The Aadhaar concept led initially to a turf war between two powerful ministers in the erstwhile UPA Government who respectively controlled Home Affairs and Finance. For a while, there was even a proposal to run two parallel databases with similar biometric data. The task of creating and managing Aadhaar was handed over to a new authority, the Unique Identity Authority of India (UIDAI). This entity was given enormous powers. Complaints about Aadhaar can only be filed with its permission, for instance. It was also given enormous responsibility. It would be the UIDAI’s task to ensure that the data stored would not be leaked in the process of verification.

Leaks could open the system of biometric verification to being gamed and defrauded in ways that are otherwise unimaginable. By duplicating digitally-recorded biometric data, or finding ways to bypass verification, it is possible to impersonate people and set up fake bank accounts, apply for passports, buy ‘burner’ pre-paid mobile subscriptions for criminal and terrorism- related activity, among other things.

If other information is also tied directly to Aadhaar, it can also enable mass surveillance at the click of a mouse. By accessing that one UIDAI silo, it may be possible to learn any individual’s banking and credit history, tax records, place of residence, passport number, cellphone and email ID, medical records, and anything else tied to that number. Any government agency, or any individual, with access to that information could turn the concept of data privacy into a sick joke. Warrant-less mass surveillance using the scheme is also possible.

Optimists expect it to generate new opportunities for business, but with 1.2 billion identities, a failure rate of even 1 per cent could be a nightmare for 12 million people

So, the biometric system has to be absolutely perfect in terms of verifying identities and also thoroughly proofed against breaches and unauthorised access. Even a 1 per cent verification failure rate in either direction amounts to a huge number. In dealing with 1.2 billion people, a failure rate of 1 per cent equals 12 million—more than the population of many countries. ‘Fake positives’, where the UIDAI verifies false biometric data as real, would be dangerous since it would let criminals into the system. On the other hand, ‘fake negatives’, where the system rejects genuine data, would mean people are excluded from subsidies and direct benefit transfers, denied passports and locked out of the financial system. It was unclear until the system was working on a large scale what the technical issues could be in terms of fake positives and negatives and in terms of data security. Surveillance and privacy concerns were raised right from the start. Unfortunately, India doesn’t have a Privacy Law and indeed, the Right to Privacy was not recognised as a Fundamental Right until quite recently in a 2017 judgement.

The Supreme Court tried to limit the use of Aadhaar in a 2013 judgment. It said the identity would not be mandatory but voluntary. It also said that it would be used only in case of direct benefit transfers and subsidies. This meant that those who had other identity documents (passports, driving licenses, PAN and voter cards) could use those for other purposes. Limiting the scope of use would have meant fewer dimensions to the security issues. That order, however, was ignored by the Government. Using the route of a Money Bill to avoid opposition in the Rajya Sabha in 2016, the Government made it mandatory for Aadhaar to be linked to every bank account, telephone number, hospitalisation procedure, birth, death and marriage registration, tax returns, and what have you.

AS A RESULT of mass linkages, multiple organisations now possess sensitive personal data linked to Aadhaar. Some of these databases are held by government institutions, some by private companies. These are pretty large, consisting of hundreds of millions of individuals in the case of mobile service providers and large banks. If any of those bases are insecure, that data may be pushed out into the wild. For example, every bank has a list of account holders, along with credit cards, Aadhaar, PAN, residential addresses, mobile numbers and email IDs. Every mobile service provider has an overlapping but different data set linked to the Aadhaar of subscribers. Hospitals have Aadhaar records of patients linked to medical histories, credit cards, insurance policies and so on.

Each of these databases has been created by verifying Aadhaar through devices that capture and transmit digitised biometric information to be verified by the UIDAI. There are many service providers, using devices to capture and transmit that data. In theory, it is illegal to store that biometric information. In practice, it is very easy to capture and store—all it takes is one rogue employee.

One huge problem is that biometric data cannot be changed, unlike a password. If your fingerprints are stolen and reproduced digitally, you will have a hell of a time proving any fraud that occurs and you will never be fully secure again.

There have already been multiple cases of misuse of Aadhaar data. A prominent telecom company was at the centre of a scandal when mobile subscribers discovered that they had also unknowingly been made account-holders at its payment bank and their gas subsidy payments were being transferred into those accounts. In other instances, criminals have used moulded plastic fingerprints to fool the system after capturing biometric data.

Access to the entire Aadhaar database—all 1.1 billion numbers— was also available for the princely sum of Rs 500 as a Chandigarh-based news daily revealed in an investigative story. Many hackers have exposed flaws in the security. A simple Google search will throw up Aadhaar-linked databases. A stolen cellphone can also be used to change a residential address and set up new bank accounts .

The official response to leaks and security lapses has been generally lackadaisical. In other instances, the UIDAI has simply said the equivalent of ‘Not our fault’. This is cold comfort for somebody whose digital identity has been stolen.

There is also evidence Aadhaar doesn’t efficiently perform the task it is designed for. The failure rate is high. For example, in Aadhaar verification for MNREGA payments in Telangana, the failures averaged 7.8 per cent. The Economic Survey 2016-17 lists multiple cases of states where high failure rates exist. There have been starvation deaths when the Aadhaar system has registered fake negatives and persons below the poverty line have been denied PDS food. Biometric data changes as people age (or if they have an accident), and this leads to a Catch-22 situation. The individual cannot update biometric data because the verification system will reject them. Or, if a provision is created for biometric updating after fake negatives, that facility may be misused to impersonate somebody.

The supposed financial benefits of using Aadhaar may also be overstated. Finance Minister Arun Jaitley , claimed that the Government had saved Rs 15,000 crore by using Aadhaar in the LPG subsidy scheme to weed out ghost connections. Independent analysts suggest the actual gain was closer to Rs 120 crore. Jaitley was apparently including savings resulting from the efforts of oil-marketing companies to eliminate ghost LPG accounts before Aadhaar was introduced. The RBI also released a study that suggested that its savings were ‘mixed’.

I have avoided using statistics as far as possible because there are points of principle involved. Even a few starvation deaths due to fake negatives calls into question the entire policy of using Aadhaar for transferring benefits and subsidies. Even one citizen put under warrantless surveillance calls into question the tool that enables such surveillance. The scheme covers every resident of India (including non-citizens) and employs an army of operators and data-entry clerical staff. The database is accessed by thousands of organisations for a multitude of purposes. There are multiple partial copies of the database in the possession of many offices. India doesn’t have a privacy and data privacy law. Common sense suggests that it is impossible to guarantee data security under those circumstances.

So why is the Government so insistent on the project? Partly due to sunk costs. Much money and political capital has already been spent. It may possibly serve as a surveillance tool too. The Supreme Court is currently hearing multiple petitions related to Aadhaar and its privacy and security concerns. The deadline for mandatory linking to bank accounts, mobiles, etcetera, has been extended until the Court makes a judgment. One can only hope that it will find a way to safeguard the fundamental rights of citizens.